87063 matches found

CVE
added 2026/04/10 4:3 p.m., 17 views

CVE-2026-35620

Technical details beyond the description are not provided in the supplied documents. Monitor for updates from official advisories.

CVSS: 5.4, AI score: 5.9, EPSS: 0.00442
Exploits: 1, References: 6, Affected software: 1
Vulnrichment
added 2026/04/10 4:3 p.m., 1 view

CVE-2026-35620 OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00442
Exploits: 1, References: 6
EUVD
added 2026/04/10 4:3 p.m., 6 views

EUVD-2026-21432

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00442
Exploits: 1, References: 6
ATTACKERKB
added 2026/04/10 4:3 p.m., 4 views

CVE-2026-35620

OpenClaw before 2026.3.24 contains missing authorization vulnerabilities in the /send and /allowlist chat command handlers. The /send command allows non-owner command-authorized senders to change owner-only session delivery policy settings, and the /allowlist mutating commands fail to enforce...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00442
Exploits: 1, References: 7
Cvelist
added 2026/04/10 3:58 p.m., 23 views

CVE-2026-35595 Vikunja Affected by Privilege Escalation via Project Reparenting

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, the CanUpdate check at pkg/models/projectpermissions.go:139-148 only requires CanWrite on the new parent project when changing parentprojectid. However, Vikunja's permission model uses a recursive CTE that walks up th...

CVSS: 8.3, EPSS: 0.0029
Exploits: 1, References: 4
Snyk
added 2026/04/10 3:33 p.m., 5 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

CVSS: 8.7, AI score: 5.8, EPSS: 0.0029
Exploits: 1, References: 2
Snyk
added 2026/04/10 3:33 p.m., 4 views

Improper Privilege Management

Overview: Affected versions of this package are vulnerable to Improper Privilege Management in the parentprojectid update process. An attacker can gain unauthorized administrative privileges by moving a project under a project they own, allowing them to delete the project, manage sharing settings,...

CVSS: 8.7, AI score: 5.8, EPSS: 0.0029
Exploits: 1, References: 2
Github Security Blog
added 2026/04/10 3:33 p.m., 4 views

Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary: A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

CVSS: 8.3, AI score: 5.8, EPSS: 0.0029
Exploits: 1, References: 6, Affected software: 1
OSV
added 2026/04/10 3:33 p.m., 3 views

GHSA-2VQ4-854F-5C72 Vikunja vulnerable to Privilege Escalation via Project Reparenting

Summary: A user with Write-level access to a project can escalate their permissions to Admin by moving the project under a project they own. After reparenting, the recursive permission CTE resolves ownership of the new parent as Admin on the moved project. The attacker can then delete the project,...

CVSS: 8.3, AI score: 5.8, EPSS: 0.0029
Exploits: 1, References: 6
Vulnrichment
added 2026/04/10 3:11 p.m., 4 views

CVE-2026-29002 CouchCMS Privilege Escalation via f_k_levels_list Parameter

CouchCMS contains a privilege escalation vulnerability that allows authenticated Admin-level users to create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. Attackers can modify the parameter value from 4 to 10 in the HTTP request body to bypass...

CVSS: 8.6, AI score: 5.9, EPSS: 0.00427
Exploits: 1, References: 3
CVE
added 2026/04/10 3:11 p.m., 10 views

CVE-2026-29002

CouchCMS has a privilege escalation flaw where authenticated Admin users can create SuperAdmin accounts by tampering with the f_k_levels_list parameter in user creation requests. The issue is triggered when the parameter value is changed from 4 to 10 in the HTTP request body, bypassing authorizat...

CVSS: 8.6, AI score: 5.9, EPSS: 0.00427
Exploits: 1, References: 3, Affected software: 1
Veracode
added 2026/04/10 3:10 p.m., 10 views

Missing Authorization

Django is vulnerable to Missing Authorization. The vulnerability is due to missing validation of add permissions for inline model instances in GenericInlineModelAdmin, which allows an attacker to submit forged POST data and create unauthorized objects...

CVSS: 9.8, AI score: 5.8, EPSS: 0.00458
Exploits: 0, References: 5, Affected software: 2
OSV
added 2026/04/10 12:48 p.m., 6 views

SUSE-SU-2026:21121-1 Security update for NetworkManager

This update for NetworkManager fixes the following issues: - CVE-2025-9615: Fixed non-admin user using others' certificates bsc1257359...

CVSS: 3.3, AI score: 5.7, EPSS: 0.00162
Exploits: 0, References: 3
OSV
added 2026/04/10 8:49 a.m., 2 views

BIT-JOOMLA-2026-21629 Joomla! Core - [20260301] - ACL hardening in com_ajax

The ajax component was excluded from the default logged-in-user check in the administrative area. This behavior was potentially unexpected by 3rd party developers...

CVSS: 7.3, AI score: 5.8, EPSS: 0.00249
Exploits: 0, References: 2
NVD
added 2026/04/10 4:16 a.m., 6 views

CVE-2026-2305

The AddFunc Head & Footer Code plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the aFhfcheadcode, aFhfcbodycode, and aFhfcfootercode post meta values in all versions up to, and including, 2.3. This is due to the plugin outputting these meta values without any sanitization or...

CVSS: 6.4, EPSS: 0.002
Exploits: 0, References: 8
EUVD
added 2026/04/10 3:31 a.m., 2 views

EUVD-2026-21266

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58. This is due to insufficient field-level permission validation in the uploadfileremove AJAX handler whe...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00297
Exploits: 0, References: 9
NVD
added 2026/04/10 2:16 a.m., 9 views

CVE-2026-4977

The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress is vulnerable to Improper Access Control in all versions up to, and including, 1.2.58. This is due to insufficient field-level permission validation in the uploadfileremove AJAX handler whe...

CVSS: 4.3, EPSS: 0.00297
Exploits: 0, References: 8
NVD
added 2026/04/10 2:16 a.m., 11 views

CVE-2026-2712

The WP-Optimize plugin for WordPress is vulnerable to unauthorized access of functionality due to missing capability checks in the receiveheartbeat function in includes/class-wp-optimize-heartbeat.php in all versions up to, and including, 4.5.0. This is due to the Heartbeat handler directly...

CVSS: 5.4, EPSS: 0.00427
Exploits: 0, References: 5
ATTACKERKB
added 2026/04/10 2:15 a.m., 2 views

CVE-2026-6003

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVSS: 4.8, AI score: 4.2, EPSS: 0.00202
Exploits: 0, References: 5, Affected software: 1
Vulnrichment
added 2026/04/10 2:15 a.m., 2 views

CVE-2026-6003 code-projects Simple IT Discussion Forum user.php cross site scripting

A security vulnerability has been detected in code-projects Simple IT Discussion Forum 1.0. This issue affects some unknown processing of the file /admin/user.php. Such manipulation of the argument fname leads to cross site scripting. The attack may be performed from remote. The exploit has been...

CVSS: 4.8, AI score: 4.2, EPSS: 0.00202
Exploits: 0, References: 5